===========================================================
Ubuntu Security Notice USN-38-1 December 14, 2004
linux-source-2.6.8.1 vulnerabilities
CAN-2004-0814, CAN-2004-1016, CAN-2004-1056, CAN-2004-1058,
CAN-2004-1068, CAN-2004-1069, CAN-2004-1137, CAN-2004-1151
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
linux-image-2.6.8.1-4-386
linux-image-2.6.8.1-4-686
linux-image-2.6.8.1-4-686-smp
linux-image-2.6.8.1-4-amd64-generic
linux-image-2.6.8.1-4-amd64-k8
linux-image-2.6.8.1-4-amd64-k8-smp
linux-image-2.6.8.1-4-amd64-xeon
linux-image-2.6.8.1-4-k7
linux-image-2.6.8.1-4-k7-smp
linux-image-2.6.8.1-4-power3
linux-image-2.6.8.1-4-power3-smp
linux-image-2.6.8.1-4-power4
linux-image-2.6.8.1-4-power4-smp
linux-image-2.6.8.1-4-powerpc
linux-image-2.6.8.1-4-powerpc-smp
The problem can be corrected by upgrading the affected package to
version 2.6.8.1-16.3. You need to reboot the computer after doing a
standard system upgrade to effect the necessary changes.
ATTENTION: Due to an unavoidable ABI change this kernel got a new
version number, which requires to recompile and reinstall all third
party kernel modules you might have installed. If you use
linux-restricted-modules, you have to update that package as well to
get modules which work with the new kernel version.
Details follow:
CAN-2004-0814:
Vitaly V. Bursov discovered a Denial of Service vulnerability in the "serio"
code; opening the same tty device twice and doing some particular operations on
it caused a kernel panic and/or a system lockup.
Fixing this vulnerability required a change in the Application Binary
Interface (ABI) of the kernel. This means that third party user installed
modules might not work any more with the new kernel, so this fixed kernel got
a new ABI version number. You have to recompile and reinstall all third party
modules.
CAN-2004-1016:
Paul Starzetz discovered a buffer overflow vulnerability in the "__scm_send"
function which handles the sending of UDP network packets. A wrong validity
check of the cmsghdr structure allowed a local attacker to modify kernel
memory, thus causing an endless loop (Denial of Service) or possibly even
root privilege escalation.
CAN-2004-1056:
Thomas Hellstr

-
漏洞讨论

The Linux kernel /proc filesystem is reported susceptible to an information-disclosure vulnerability. This issue is due to a race-condition allowing unauthorized access to potentially sensitive process information.

This vulnerability may allow malicious local users to gain access to potentially sensitive environment variables in other users' processes. Since some programs pass passwords and other sensitive information in environment variables, this may aid a malicious user in further attacks.

Further details are unavailable at this time. This BID will be updated as further analysis is completed.

-
漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

-
解决方案

Vendor updates are available. Please see the referenced advisories for details.